Ransomware attack on Red Deer College thwarted

Red Deer College says itmanaged to ward off a ransomwareattack last Friday after an employee downloaded an infected file but quickly noticed something was amiss and alerted the school's IThelp desk.

"We were able to lock down the system within about five minutes," saidJim Brinkhurst,vice-president of college services.

"As a result of the quick response, we did not lose any data."

• University of Calgary paid $20K in ransomware attack
• Ransomware attacks easy to launch, security expert warns

Post-secondary institutions, in particular, need to be prepared for these types of attacks, according to Chester Wisniewski, a senior security adviser with Sophos, a computer security firm based in Vancouver.

"I would actually be surprised if any significantly sized organizations especially something like a university, which is rather difficult to put controls on compared to a company hasn't experienced some ransomware attacks, although obviously not usually as high of profile or as visibly as the ones at the University of Calgary," he said.

The U of C revealed earlier this month it had paid $20,000 to hackers who infected university computers with ransomware, which encrypts valuable data and renders it useless to the owners unless they pay a fee to the attackers to decrypt it.

Wisniewski said most attacks come in the form of a fake emailthat tricks recipients into downloading an infected attachment. Lately, he saidattackers have targeted Canadians with official-looking emails purporting to come from the Canada Revenue Agency.

He said other attacks rely onexploitingvulnerabilities in software, particular Adobe Flash, to infect computers that visit websites controlled by hackers.

In Red Deer College's case, Brinkhurst said the employee had downloaded a file, not through email,that was infected when she noticed her error and called for support.

The college has been stepping up its defences against cyber attacks in the past six to eight months, he added, with extra training for faculty and staff on how to avoid becoming victims.

Make sure to backup your information

Wisniewski recommends regularly updating your computer's software, running a current anti-virus program, and being skeptical of unsolicited messages asking you download files or visit unfamiliar websites.

Regularly backing up your data is "critically important," he added, and can save you a major headache in addition to money in the event that you do fall victim to a ransomware attack.

"At the University of Calgary, it could have saved them $20,000," he said.

"If you've got extra copies of all your sensitive information, you can tell the bad guys to take a hike and just go and get your backup hard drive."